Scammers use Google Translate to create spoof login pages
A clever use of Google Translate fools victims into believing spoofed authentication requests are being handled by Google itself.
Compromising credentials is the number one staple in any cybercriminal’s book of activities, according to the Verizon Data Breach Investigations Report. A new phishing scam uses Google Translate to hide spoof logon pages when asking a user for their Google credentials. The user is sent a supposed Google Security Alert about a new device accessing their Google account with a “Consult the Activity” button to find out more.
The user is then taken to a spoofed Google logon page (shown below).
Random text in the URL
The kicker is that instead of seeing the mediacity.co URL, the cybercriminals use Google Translate to display the page, ... Read More
AI Disclosure necessity
I added a global AI disclosure to my website. You should too. My disclosure is
Some content here is generated by AI. The views expressed are the author's opinion and not legal advice. The author is not a lawyer. You are an adult and responsible for anything you do.
Why you should disclose AI usage too
As a content creator (we are all content creators, BTW), you might be wondering why you should include AI disclosure statements in anything you publish. Here are five reasons:
Build Trust and Transparency. With an open AI disclosure, you build trust with your audience. When you inform them that some content comes from AI, you demonstrate transparency in your creative process, which strengthens your relationship with readers.
Embrace Ethical Responsibility. Open ... Read More
August 20, 2024 Mark Anthony Germanos
Tic Tac Toe on Perplexity.ai
Have you ever wanted to take a break from your daily routine and engage in a quick game of Tic Tac Toe? Well, now you can do just that on Perplexity.ai! This classic game, loved by many for its simplicity and strategic depth, is now available for you to enjoy at https://perplexity.ai.
Fun for young and old
Playing Tic Tac Toe on Perplexity is not only easy but also a great way to challenge your mind. Whether you’re waiting for an appointment or just need a fun distraction, this game allows you to jump right in and start playing against the AI. The interface is user-friendly, making it accessible for players of all ages. You can choose to play as either "X" or ... Read More
August 20, 2024 Mark Anthony Germanos
What Is a Disaster Recovery Plan?
A disaster recovery plan is a plan that helps a business get back on its feet after something bad happens. This could be a natural disaster like a flood or a cyberattack like ransomware. Having a plan means the business can keep working and not lose too much money or important information. You are not isolated. You are a target. See https://youtu.be/JR0eKrQhbV8.
What Should Be in Your Plan?
Here are some important things to include in a disaster recovery plan:
Identify Risks: Think about what kinds of problems your business might face. This could be things like cyberattacks or natural disasters.
Back Up Data: Make sure you have copies of important files stored in a safe place. This way, if something happens, you can ... Read More
August 20, 2024 Mark Anthony Germanos
Scammers using hijacked GoDaddy domains to launch large-scale spam campaigns
GoDaddy took steps in January 2019 to address the authentication flaw exploited by the attackers, according to Brian Krebs. Krebs first reported on the authentication weakness on January 22nd, when he outlined two massive spam campaigns during 2018 that were very successful at getting into people’s inboxes. Their success was due to the fact that the emails were sent through trusted but dormant domains, many of which were registered and owned by Fortune 500 companies.
Anti-spam researcher Ron Guilmette discovered that nearly all of these domains had used GoDaddy’s DNS service at some point. The scammers had realized that they could add domains to their GoDaddy accounts without proving that they owned the domains. GoDaddy quickly addressed the ... Read More
August 15, 2024 Mark Anthony Germanos
The Rising Threat of Ransomware
In recent years, ransomware attacks have emerged as one of the most significant cybersecurity threats to businesses worldwide. These attacks involve malicious software that encrypts a victim's files. This renders them inaccessible until a ransom is paid to the attacker. The financial and operational disruptions caused by ransomware can be severe, often leading to significant data loss, reputational damage, and costly downtime. I introduced the concept at https://youtu.be/qTk4I67no7s.
Lessons from Notorious Attacks
One of the most notorious attacks was the WannaCry outbreak in 2017, which affected hundreds of thousands of computers across the globe. This incident served as a wake-up call for businesses. It highlighted the critical need for robust cybersecurity measures and a comprehensive disaster recovery plan. To protect your business from ... Read More
August 15, 2024 Mark Anthony Germanos
European-level GDPR becomes California law in CCPA
Governor Brown signed into law California Assembly Bill 375, the California Consumer Privacy Act of 2018 (CCPA), in June 2018. The law is new in the United States. It applies European-level compliance obligations akin to the now infamous General Data Protection Regulation (GDPR). The CCPA law takes effect on January 1, 2020.
What CCPA means for organizations doing business in California
CCPA includes new disclosure requirements, consumer rights, training obligations, and potential penalties for noncompliance, among other things.
Below are some of the key provisions:
Right to Transparency – Similar to the GDPR, the law creates a right to transparency regarding personal information. The law defines personal information very broadly, also like the EU definition, to include information that identifies, relates to, describes, is capable of being associated with, or could ... Read More
August 14, 2024 Mark Anthony Germanos
Social engineering on Wikipedia
Social engineering scammers are selectively editing Wikipedia pages. These edits lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the SpyEye banking Trojan was changed in mid-December to include a typo-ridden paragraph which claims that only three tech companies can remove the malware, and that “Best buy, Geek squad, Office Depo will not be able to fix it at all.” [sic]
VandenBrink says that the scammer made these edits to convince victims that “only we can help you fix this (fake of course) infection you have on your computer.” The edit history of the Wikipedia user who made the changes shows that the account made similar edits to the “Macro virus” Wikipedia page, ... Read More
August 14, 2024 Mark Anthony Germanos
You can’t have privacy without security
California clearly agrees and may test the applicability of Larry Page's advice with new legislation signed by California Governor Brown in September 2018.
Internet of Things legislation takes effect 1/1/2020
With the ink barely dry on the infamous California Consumer Privacy Act (the CCPA)—a first-of-its-kind data privacy bill in the United States—Brown signed a new Internet of Things cybersecurity bill into law, SB 327. Perhaps not so coincidentally, both laws will take effect on January 1, 2020, marking a substantial compliance deadline for technology companies big and small.
SB 327 will require that a manufacturer of a “connected device” equip the device with a defined minimum amount of security. “Connected device” is defined quite broadly and as written encompasses “any device, or other physical ... Read More
August 14, 2024 Mark Anthony Germanos
In-house phishing tests identify at-risk users
As compliance mandates and consumer privacy laws get tougher, businesses are taking matters into their own hands, launching internal phishing attacks to identify at-risk users.
Phishing remains a profitable tactic for cybercriminal organizations. The ability to gain access to internal systems, compromise credentials, or convince a user to wire money is well within the cybercriminals’ reach, and they accomplish these attack results and more on a daily basis.
Organizations like UNC Health Care in Chapel Hill, NC receive over 91 million suspicious emails every quarter, with a little more than 8 million still getting past security scanners. Even with 30,000 employees, that still represents an average of about 4 phishing emails a day per user.
University of North Carolina sends 3,000 phishing tests a ... Read More
August 14, 2024 Mark Anthony Germanos